[sudo-commits] sudo changeset 13435:7e7e4a389f11
Todd C. Miller
Todd.Miller at sudo.ws
Wed Aug 25 14:50:12 MDT 2021
changeset: 13435:7e7e4a389f11 in /raid/repos/sudo
details: https://www.sudo.ws/repos/sudo/rev/7e7e4a389f11
user: Todd C. Miller <Todd.Miller at sudo.ws>
date: Wed Aug 25 14:24:36 2021 -0600
Log Message:
Change intercept IPC to use a localhost socket instead of inherited fd.
This allows intercept mode to work with shells that close all open
fds upon startup. The ctor in sudo_intercept.so requests the port
number and secret over the socket inherited from the parent then
closes it. For each policy request, a TCP connection is made to
the sudo parent process to perform the policy check. Child processes
re-use the TCP socket to request the port number and secret just like
the initial process started by sudo does.
diffstat:
config.h.in | 3 -
configure | 13 -
configure.ac | 7 -
include/intercept.pb-c.h | 197 ++++++++++++-----
src/exec_intercept.c | 485 +++++++++++++++++++++++++++---------------
src/exec_nopty.c | 29 +-
src/exec_pty.c | 29 +-
src/intercept.pb-c.c | 402 +++++++++++++++++++++++++++--------
src/intercept.proto | 35 ++-
src/sudo_exec.h | 6 +-
src/sudo_intercept_common.c | 495 +++++++++++++++++++++++--------------------
11 files changed, 1068 insertions(+), 633 deletions(-)
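The handoff the log message describes, as an added sketch that is not sudo's code: the parent passes a port number and secret over the inherited socket once, then checks the secret on every localhost TCP connection before acting, since a loopback listener accepts connections from any local process. The `struct hello` layout, the 16-byte secret and all function names are assumptions; sudo's real messages are defined in src/intercept.proto.

```c
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

#define SECRET_LEN 16 /* assumed length, not taken from sudo */
struct hello { in_port_t port; unsigned char secret[SECRET_LEN]; }; /* hypothetical layout */
/* Constant-time compare so timing does not reveal how many bytes matched. */
static int secret_eq(const unsigned char *a, const unsigned char *b) {
    unsigned char diff = 0;
    for (int i = 0; i < SECRET_LEN; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Returns 1 if the parent accepts the request, 0 if it rejects it, -1 on error
 * (error paths skip cleanup to keep the sketch short). */
int intercept_demo(int tamper) {
    struct sockaddr_in sin = { .sin_family = AF_INET };
    socklen_t len = sizeof(sin);
    struct hello h, got;
    unsigned char presented[SECRET_LEN];
    int sv[2], lsock, csock, asock, rfd, ok;
    /* Parent: listen on 127.0.0.1 only, kernel-chosen port, random secret. */
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if ((lsock = socket(AF_INET, SOCK_STREAM, 0)) < 0) return -1;
    if (bind(lsock, (struct sockaddr *)&sin, len) < 0 || listen(lsock, 4) < 0) return -1;
    if (getsockname(lsock, (struct sockaddr *)&sin, &len) < 0) return -1;
    h.port = sin.sin_port;
    if ((rfd = open("/dev/urandom", O_RDONLY)) < 0) return -1;
    if (read(rfd, h.secret, SECRET_LEN) != SECRET_LEN) return -1;
    close(rfd);
    /* Inherited socket: used once to hand over port + secret, then closed. */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if (write(sv[0], &h, sizeof(h)) != (ssize_t)sizeof(h)) return -1;
    if (read(sv[1], &got, sizeof(got)) != (ssize_t)sizeof(got)) return -1;
    close(sv[0]); close(sv[1]);
    if (tamper) got.secret[0] ^= 0xff; /* models a client that lacks the secret */
    /* Client: a fresh TCP connection per policy request, secret sent first. */
    sin.sin_port = got.port;
    if ((csock = socket(AF_INET, SOCK_STREAM, 0)) < 0) return -1;
    if (connect(csock, (struct sockaddr *)&sin, sizeof(sin)) < 0) return -1;
    if (write(csock, got.secret, SECRET_LEN) != SECRET_LEN) return -1;
    /* Parent: verify the secret before treating this as a policy request. */
    if ((asock = accept(lsock, NULL, NULL)) < 0) return -1;
    ok = recv(asock, presented, SECRET_LEN, MSG_WAITALL) == SECRET_LEN && secret_eq(presented, h.secret);
    close(asock); close(csock); close(lsock);
    return ok;
}
int main(void) { return !(intercept_demo(0) == 1 && intercept_demo(1) == 0); }
```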